mandriva

Ticket #210 (reopened defect)

Opened 9 months ago

Last modified 9 months ago

Computers added to domain can't be added to group Domain Computers

Reported by: sasha@tactel.com.ua
Assigned to: cdelfosse
Priority: normal
Milestone: 2.4.0
Component: mmc-web-samba
Version: 2.3.0
Severity: normal
Keywords: samba, Primary Group SID, Domain Computers
Cc:

Description

The summary is the problem itself. If I add the computer using MMC, it will never be displayed in the Domain Computers group.

If I force-add the attribute (similar to Domain Users) to that group, memberUID:comp$ for example, or add a computer via another LDAP management tool (LAM for example), it will be displayed. But MMC doesn't use this anyway. And I can't even delete the computer from the right tab. Only by hand, as it was added.

Maybe this is because I have misconfigured SAMBA/LDAP, but I checked everything twice before becoming sure of this problem.

Yes, I have errors like

pdb_get_group_sid: Failed to find Unix account for comp$

in my messages. But I can't figure out how to fix this.

And also I have this:

pdbedit -Lw sasha$
...
Unix username:        comp$
NT username:          comp$
Account Flags:        [W          ]
User SID:             S-1-5-21-3882935298-3125378829-2517500288-21004
pdb_get_group_sid: Failed to find Unix account for comp$
Primary Group SID:    (NULL SID)
Full Name:             laptop
Home Directory:       \\company-sever1\comp_
...

Maybe my problem is near this?

Change History

04/18/08 20:09:06 changed by anonymous

  • keywords set to samba, Primary Group SID, Domain Computers.
  • component changed from general to mmc-web-samba.
  • milestone changed from 2.4.0 to 2.3.1.

04/21/08 11:48:49 changed by cdelfosse

Hello,

Does NSS/LDAP work? Please check your /etc/nsswitch.conf file.

Regards,

04/21/08 12:12:37 changed by sasha@tactel.com.ua

Here is my nss_ldap.conf

]# cat /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files ldap
rpc:        files
services:   files ldap

netgroup:   files ldap

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus

04/21/08 16:22:59 changed by cdelfosse

Does getent work? For example:

# getent group "Domain Computers"
Domain Computers:x:515:

04/21/08 16:25:31 changed by sasha@tactel.com.ua

Sure.

[root@server1 1]# getent group "Domain Computers"
Domain Computers:*:515:
[root@server1 1]#

04/22/08 09:05:58 changed by cdelfosse

  • milestone changed from 2.3.1 to 2.4.0.

04/24/08 09:38:48 changed by cdelfosse

  • status changed from new to closed.
  • resolution set to fixed.

See #208

04/24/08 11:57:11 changed by sasha@tactel.com.ua

  • status changed from closed to reopened.
  • resolution deleted.

I still can't get the correct behavior with the MMC console and the group Domain Computers. As available members in the left panel of the group Domain Computers I can only see regular domain users, not computers. In the right panel I have nothing (e.g. no computers).

# getent group "Domain Computers"
Domain Computers:*:515:

But

# id test$
uid=10005(test$) gid=515(Domain Computers) groups=515(Domain Computers)

04/24/08 14:50:13 changed by cdelfosse

Ah, I now understand your problem. But the group membership page was designed only for user accounts, not computer accounts.
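
The getent and id output above differ because getent group prints only a group's explicit member list (memberUid in an RFC 2307 LDAP directory), while id reports the account's primary GID. As an added example, not part of the ticket or of MMC's code, this script lists accounts that belong to a group only through their primary GID; the function name and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose primary GID is a given group but which
# are absent from that group's explicit member list (memberUid in LDAP).
# Input is passwd(5)/group(5) text, i.e. what `getent passwd` and
# `getent group` print.

# Constructed sample data modelled on the ticket's output (not real records).
SAMPLE_PASSWD='sasha:x:10001:513:Sasha:/home/sasha:/bin/bash
test$:x:10005:515:laptop:/dev/null:/bin/false
comp$:x:10006:515:laptop:/dev/null:/bin/false'
SAMPLE_GROUP='Domain Users:*:513:sasha
Domain Computers:*:515:comp$'

# primary_only_members GROUPNAME PASSWD_TEXT GROUP_TEXT  (hypothetical helper)
# Prints one account name per line; returns 2 if the group is not found.
primary_only_members() {
    # Feed the group records first, then a separator, then the passwd records.
    printf '%s\n---\n%s\n' "$3" "$2" | awk -F: -v grp="$1" '
        $0 == "---" { in_passwd = 1; next }
        !in_passwd && $1 == grp {
            gid = $3; found = 1
            n = split($4, m, ",")          # explicit members, comma separated
            for (i = 1; i <= n; i++) listed[m[i]] = 1
            next
        }
        # Primary GID matches, but the account is not an explicit member.
        in_passwd && found && $4 == gid && !($1 in listed) { print $1 }
        END { if (!found) exit 2 }
    '
}

# Stand-alone run against the sample; on a live host pass
#   "$(getent passwd)" "$(getent group)" instead.
primary_only_members "Domain Computers" "$SAMPLE_PASSWD" "$SAMPLE_GROUP"
```

Accounts the script prints are members by primary GID only, so any tool that reads just the member list will not show them.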

